I’ve been using Far Manager for ~25 years (even before it became open source). I have it installed on a number of computers (work and private) and I use it all the time. I never had any security issues related to it during that time.
A member of my work’s IT security team reached out today that I need to delete Far, because there are warnings about threat reports “Russia-based threat actors using it to attack”. I asked about these warnings, since I also use Far on my private computers and if there are issues around it, I’d like to know, but the above quoted sentence is all I got. As far as I’m aware, Far is considered a reputable tool.
I’m an engineer and I have local admin privileges on my work laptop, so pretty much any tool that is installed could, potentially, be used as an attack vector. My Far installation only has addons that come with the official distribution. The virus scanner running on my laptop isn’t complaining about it (Windows 11).
I know that there are potential openings to target open-source projects (like supply chain hijacking, etc.), but I believe Far is using an old-school approach to these and is probably safer than most open-source tools, but over time a previously-safe tool may become compromised.
I cannot find any threat warnings about Far Manager (but it’s possible I’m not looking for the right keywords). Are there any such reports out there about Far?